Chris Soghoian: "Deceptive Phishing Research: Moral Questions and Legal Issues"


Wednesday, October 22, 2008, 12:00pm to 1:30pm


Maxwell Dworkin 119

CRCS Privacy and Security Lunch Seminar

Date: Wednesday, October 22, 2008
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Chris Soghoian

Title:  Deceptive Phishing Research: Moral Questions and Legal Issues

Abstract:  Researchers are increasingly turning to live, “in the wild” phishing studies of users, who unknowingly participate without giving informed consent. Such studies can expose researchers to a number of unique, and fairly significant legal risks. This talk will introduce four case studies highlighting potential moral pitfalls, steps that researchers have taken to avoid legal problems, and the legal risks that they were unable to avoid. It will then provide a high-level introduction to a few particularly dangerous areas of the law. Finally, it will conclude with a series of best practices that may help researchers to avoid legal troubles.

Bio: Christopher Soghoian is a student fellow at Harvard University’s Berkman Center for Internet and Society and is a PhD candidate at Indiana University’s School of Informatics. His research on airport security and the no-fly lists drew the attention of both the TSA and FBI and later prompted the introduction of secure tamper-proof boarding passes in airports around the country. His work has also been cited in testimony before the United States Senate Committee on the Judiciary and in a report issued by the House Committee for Oversight and Government Reform.

His research is focused on security, privacy, cyber-law and technology policy — particularly with regard to phishing and other deception based attacks. He also writes the “Surveillance State” blog for CNET Networks.